Article Lead Image

6 ways to protect your Tumblr from future attacks

Even though the Great Tumblr Hack of Dec. 3 appears to have settled down, the entire ordeal brought the question of Tumblr account protection to the surface.


Mike Fenn

Internet Culture

Posted on Dec 4, 2012   Updated on Jun 2, 2021, 6:13 am CDT

The Great Dec. 3 Tumblr Hacking affected over 6,000 users. Rooted in a post crafted by the, uh, Gay Ni**er Association of America, or GNAA, the worm spread to the account of any user who clicked on the post.

Even though things appear to have settled down, the entire ordeal brought the question of Tumblr account protection to the surface. What steps can you take to prevent future attacks? How can your account have the best protection from day one?

We at the Daily Dot have put together some tips:

1) Change your password

This is an obvious one. Whenever an attack, big or small, affects any facet of your online life, changing your password should be a knee-jerk reaction. 

2) Log out

One way many Tumblr users dealt with GNAA’s blow was by logging out of their accounts.

It’s convenient to stay logged into Tumblr or any other social media site. To be sure, typing in your username and password every time you access the site is tedious. But logging out whenever you step away from the computer helps you avoid trouble like yesterday’s, which caught users who were logged in.

And this should go without saying, but if you’re using a public computer, log out of everything when you have finished. Don’t just close windows; spend the extra few seconds and click through the “Are you sure you want to log out?” prompts.

3) Act appropriately

When you reset your password and/or log out, make sure to do so from the actual commands in your dashboard’s “settings” options.

Never under any circumstances click on a post’s link that says “Click here to reset your password.” In 2011, a phishing scam effectively stole many users’ passwords and information by taking on the guise of the Tumblr login screen.

4) Don’t click on unknown posts, no matter how intriguing

One reason that the Tumblr hack spread so quickly was because it was created with a “clickbait” headline—text so intriguing that you almost can’t stop yourself from clicking the link.

If a post pops up on your feed that looks suspicious or begs you to click on it, tread carefully. Even better: Copy the post’s headline and Google it. Many hackers like to target large numbers of people, so chances are that you are not the first person to lay eyes on the posting. If you see the post’s title appear in its entirety, word for word, on several discussion forums, it should be an immediate red flag.

Additionally, think about the user who may have reblogged the post. Is this something that she would typically share? If someone on your friends list posts nothing but animated Godzilla GIFs every day, chances are that a sudden switch in content to “Dearest Tumblr Users” means he has been hacked.

5) Stay informed

While the Dec. 3 attack was limited to Tumblr blogs, news of it was everywhere. I personally found out about the attack from several users tweeting about it and creating Facebook status updates.

Pay attention to what such friends report. After all, who would know better about the hacking than someone whose account was hacked? Once the barrage of “OMG my Tumblr was hacked!” updates die down, chances are that a flood of tips to restore your account will follow.

Similarly, if you get any sort of word that a site such as Tumblr is being hacked, visit a different site, such as Twitter or even Reddit (r/tumblr reported the hack as it unfolded) and search for news on your own.

6) Wait for the all-clear

If you returned home to find smoke pouring out of your house, would you go inside to verify that something was on fire? No, you’d wait for firefighters to advise you that it is once again safe to enter. Treat your online life the same way.

If you see news of a Tumblr attack blowing up on your other social media feeds, don’t log in and find a copy of the affected post to see everything for yourself. Wait until it looks like site administrators have remedied the problem, and then log back in.

Photo via Josh James/Flickr


Share this article
*First Published: Dec 4, 2012, 9:45 am CST